<?php
include('../_libs/mysql.php');
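/*
 * Load the web, game and login class files.
 *
 * Every matching file in these directories is executed through include, so
 * the directories must never be writable by the web application (uploads,
 * module installers, ...). Only regular files ending in ".php" are loaded;
 * stray entries such as .htaccess, editor backups or sub-directories are
 * skipped instead of being executed or dumped into the response.
 * NOTE(review): assumes all class files use the .php extension - confirm.
 *
 * The includes stay at script level (not inside a function) so the included
 * files keep seeing the same variable scope as before, and readdir() order is
 * kept so the load order does not change.
 */
foreach (array('web', 'game', 'login') as $classGroup) {
    $classDir = '../_libs/Classes/' . $classGroup . '/';
    $handle = opendir($classDir);
    if ($handle === false) {
        // opendir() has already raised a warning; there is nothing to iterate.
        continue;
    }
    // Compare against false explicitly: an entry named "0" is falsy and
    // would otherwise end the loop before the remaining files are loaded.
    while (($datei = readdir($handle)) !== false) {
        if ($datei === '.' || $datei === '..') {
            continue;
        }
        if (strtolower(pathinfo($datei, PATHINFO_EXTENSION)) !== 'php') {
            continue;
        }
        if (!is_file($classDir . $datei)) {
            continue;
        }
        include($classDir . $datei);
    }
    closedir($handle);
}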
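if (!isset($_SESSION['access_level'])) {
	// A session without a recorded level is treated as unprivileged.
	// NOTE(review): session_start() is not called in this file; presumably one
	// of the includes above does it - confirm, otherwise this gate never opens.
	$_SESSION['access_level'] = 0;
}
/*
 * Admin AJAX endpoint: in-place field updates (?action=...&id=... with the new
 * value in POST "value") and row deletions (POST key named after the target).
 *
 * NOTE(review): the only authorisation check is access_level >= 1, which also
 * covers changing account credits and the access-level table itself. Confirm
 * that level 1 is really meant to carry full administrative rights.
 * NOTE(review): no anti-CSRF token is verified in this file. Unless an included
 * file enforces one, every state change below depends on the session cookie
 * alone; a per-session token check belongs in front of this block.
 */
if ($_SESSION['access_level'] >= 1) {
	// Only plain strings are accepted. Missing parameters or array-valued
	// ones (value[]=...) are treated as absent instead of being bound as-is.
	$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
	$value = (isset($_POST['value']) && is_string($_POST['value'])) ? $_POST['value'] : null;
	$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : null;

	/*
	 * action => (database constant, table, column to set, key column,
	 *            answer with main::getRights() instead of the value).
	 * Identifiers come only from these hard-coded tables, never from the
	 * request; request data reaches SQL exclusively through bound parameters.
	 * Database constants are resolved lazily via constant() so a constant is
	 * only touched when its action is actually requested.
	 */
	$earlyUpdates = array(
		'count'     => array('DB_LOGIN', 'aionshop_items', 'itemCount', 'itemUniqueId', false),
		'price'     => array('DB_LOGIN', 'aionshop_items', 'itemPrice', 'itemUniqueId', false),
		'name'      => array('DB_LOGIN', 'aionshop_items', 'itemName', 'itemUniqueId', false),
		'agcoins'   => array('DB_LOGIN', 'account_data', 'credits', 'id', false),
		'votecoins' => array('DB_CMS', 'module_votebanners', 'coins', 'id', false),
	);
	$lateUpdates = array(
		'navi_access'  => array('DB_CMS', 'website_navigation', 'access_level', 'id', true),
		'navi_title'   => array('DB_CMS', 'website_navigation', 'title', 'id', false),
		'mod_access'   => array('DB_CMS', 'website_modules', 'access_level', 'id', true),
		'mod_title'    => array('DB_CMS', 'website_modules', 'title', 'id', false),
		// NOTE(review): this column is used further down to build filesystem
		// paths for module removal; consider validating the name on write too.
		'mod_name'     => array('DB_CMS', 'website_modules', 'module', 'id', false),
		'access_level' => array('DB_CMS', 'website_access_levels', 'access_level', 'id', false),
		'access_title' => array('DB_CMS', 'website_access_levels', 'title', 'id', false),
		'mod_licence'  => array('DB_CMS', 'website_modules', 'licencekey', 'id', false),
	);

	// Runs one single-column UPDATE and echoes the stored value back.
	$applyUpdate = function ($spec) use ($connection, $value, $id) {
		list($dbConst, $table, $column, $keyColumn, $viaRights) = $spec;

		if ($value === null || $id === null) {
			// Without this guard a request lacking "value" would bind NULL
			// and overwrite the column.
			if (!headers_sent()) {
				header('HTTP/1.1 400 Bad Request');
			}
			return;
		}

		$main = $viaRights ? new main : null;

		$sql = 'UPDATE ' . constant($dbConst) . '.' . $table
			. ' SET ' . $column . ' = :value WHERE ' . $keyColumn . ' = :id';
		$dbh = $connection->prepare($sql);
		$dbh->bindValue(':value', $value);
		$dbh->bindValue(':id', $id);
		$dbh->execute();

		if ($viaRights) {
			// NOTE(review): getRights() is defined elsewhere; whether its
			// return value is safe to emit as HTML cannot be told from here.
			print $main->getRights($value);
		} else {
			// The response is served as HTML, so the submitted value is
			// encoded before being echoed; printing it raw reflected markup.
			// NOTE(review): assumes the client inserts the response as HTML.
			print htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
		}
	};

	if (isset($earlyUpdates[$action])) {
		$applyUpdate($earlyUpdates[$action]);
	}

	/*
	 * POST key => list of (database constant, table, key column) to delete
	 * from. "module" is handled separately because it also removes files.
	 * The order matches the original handler sequence.
	 */
	$deleteTargets = array(
		'shop'          => array(array('DB_LOGIN', 'aionshop_items', 'itemUniqueId')),
		'donate'        => array(array('DB_CMS', 'module_donate', 'id')),
		'navi'          => array(array('DB_CMS', 'website_navigation', 'id')),
		'shopcat'       => array(array('DB_LOGIN', 'aionshop_categories', 'categoryId')),
		'announcement'  => array(array('DB_GAME', 'announcements', 'id')),
		'creport'       => array(array('DB_CMS', 'module_creport', 'id')),
		'module'        => null,
		'access_delete' => array(array('DB_CMS', 'website_access_levels', 'id')),
		'report'        => array(
			array('DB_CMS', 'module_preport', 'id'),
			array('DB_CMS', 'module_preport_answers', 'reportID'),
		),
	);

	foreach ($deleteTargets as $postKey => $targets) {
		if (!isset($_POST[$postKey]) || !is_string($_POST[$postKey])) {
			continue;
		}
		$id = $_POST[$postKey];

		if ($targets !== null) {
			foreach ($targets as $target) {
				list($dbConst, $table, $keyColumn) = $target;
				$sql = 'DELETE FROM ' . constant($dbConst) . '.' . $table . ' WHERE ' . $keyColumn . ' = :id';
				$dbh = $connection->prepare($sql);
				$dbh->bindValue(':id', $id);
				$dbh->execute();
			}
			continue;
		}

		// Module removal: look up the module name, delete its directories
		// and language file, then delete its database rows.
		$sql = 'SELECT * FROM ' . DB_CMS . '.website_modules WHERE id = :id';
		$dbh = $connection->prepare($sql);
		$dbh->bindValue(':id', $id);
		$dbh->execute();
		$row = $dbh->fetch(PDO::FETCH_ASSOC);

		if (!function_exists('rrmdir')) {
			/**
			 * Recursively delete a directory and everything inside it.
			 *
			 * Symbolic links are removed as links and never followed, so the
			 * deletion cannot leave the tree rooted at $dir. Hidden entries
			 * are removed as well; otherwise the final rmdir() would fail.
			 *
			 * @param string $dir Directory to remove; ignored if it is a
			 *                    symbolic link or not a directory.
			 */
			function rrmdir($dir) {
				if (is_link($dir) || !is_dir($dir)) {
					return;
				}
				$entries = scandir($dir);
				if ($entries === false) {
					return;
				}
				foreach ($entries as $entry) {
					if ($entry === '.' || $entry === '..') {
						continue;
					}
					$path = $dir . '/' . $entry;
					if (is_dir($path) && !is_link($path)) {
						rrmdir($path);
					} else {
						unlink($path);
					}
				}
				rmdir($dir);
			}
		}

		if (!empty($row['module'])) {
			$moduleName = (string) $row['module'];

			// The name comes from a column that can be edited through
			// "mod_name" above, so it is not trusted as a path component:
			// ".", ".." or anything containing a path separator or NUL byte
			// would move the recursive delete outside the module directories.
			$isPlainName = $moduleName !== '.'
				&& $moduleName !== '..'
				&& strpbrk($moduleName, "/\\\0") === false;

			if ($isPlainName) {
				rrmdir('../_modules/' . $moduleName);
				rrmdir('../_templates/' . $moduleName);
				$languageFile = '../_languages/en/' . $moduleName . 'module.php';
				if (is_file($languageFile)) {
					unlink($languageFile);
				}
			}

			// The row is removed in either case; the value is bound, so an
			// unusual name is harmless here.
			$sql = 'DELETE FROM ' . DB_CMS . '.website_modules WHERE module = :module';
			$dbh = $connection->prepare($sql);
			$dbh->bindValue(':module', $moduleName);
			$dbh->execute();
		}
	}

	if (isset($lateUpdates[$action])) {
		$applyUpdate($lateUpdates[$action]);
	}
}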
?>